blob: d978f863ad2a9a54274a86496e1530c65015330f [file] [log] [blame]
Alice Wang24954b42023-02-06 10:03:45 +00001// Copyright 2023, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! This module mirrors the content in open-dice/include/dice/ops.h
16//! It contains the set of functions that implement various operations that the
17//! main DICE functions depend on.
18
Alice Wang8722d9e2023-02-13 14:56:56 +000019use crate::dice::{
Alice Wangf59662d2023-02-10 16:07:56 +000020 Hash, InputValues, PrivateKey, PublicKey, Signature, HASH_SIZE, PRIVATE_KEY_SEED_SIZE,
21 PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, SIGNATURE_SIZE,
Alice Wang8722d9e2023-02-13 14:56:56 +000022};
Alice Wang24954b42023-02-06 10:03:45 +000023use crate::error::{check_result, Result};
Alice Wangf59662d2023-02-10 16:07:56 +000024use open_dice_cbor_bindgen::{
25 DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DiceSign, DiceVerify,
26};
Alice Wang24954b42023-02-06 10:03:45 +000027use std::ptr;
28
29/// Hashes the provided input using DICE's hash function `DiceHash`.
30pub fn hash(input: &[u8]) -> Result<Hash> {
31 let mut output: Hash = [0; HASH_SIZE];
32 // SAFETY: DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
33 // The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +000034 check_result(
35 unsafe {
36 DiceHash(
37 ptr::null_mut(), // context
38 input.as_ptr(),
39 input.len(),
40 output.as_mut_ptr(),
41 )
42 },
43 output.len(),
44 )?;
Alice Wang24954b42023-02-06 10:03:45 +000045 Ok(output)
46}
Alice Wang6ef44bc2023-02-08 12:08:32 +000047
48/// An implementation of HKDF-SHA512. Derives a key of `derived_key.len()` bytes from `ikm`, `salt`,
49/// and `info`. The derived key is written to the `derived_key`.
50pub fn kdf(ikm: &[u8], salt: &[u8], info: &[u8], derived_key: &mut [u8]) -> Result<()> {
51 // SAFETY: The function writes to the `derived_key`, within the given bounds, and only reads the
52 // input values. The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +000053 check_result(
54 unsafe {
55 DiceKdf(
56 ptr::null_mut(), // context
57 derived_key.len(),
58 ikm.as_ptr(),
59 ikm.len(),
60 salt.as_ptr(),
61 salt.len(),
62 info.as_ptr(),
63 info.len(),
64 derived_key.as_mut_ptr(),
65 )
66 },
67 derived_key.len(),
68 )
Alice Wang6ef44bc2023-02-08 12:08:32 +000069}
Alice Wang4d611772023-02-13 09:45:21 +000070
Alice Wangf59662d2023-02-10 16:07:56 +000071/// Deterministically generates a public and private key pair from `seed`.
72/// Since this is deterministic, `seed` is as sensitive as a private key and can
73/// be used directly as the private key.
74pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(PublicKey, PrivateKey)> {
75 let mut public_key = [0u8; PUBLIC_KEY_SIZE];
76 let mut private_key = PrivateKey::default();
77 // SAFETY: The function writes to the `public_key` and `private_key` within the given bounds,
78 // and only reads the `seed`. The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +000079 check_result(
80 unsafe {
81 DiceKeypairFromSeed(
82 ptr::null_mut(), // context
83 seed.as_ptr(),
84 public_key.as_mut_ptr(),
85 private_key.as_mut_ptr(),
86 )
87 },
88 public_key.len(),
89 )?;
Alice Wangf59662d2023-02-10 16:07:56 +000090 Ok((public_key, private_key))
91}
92
Alice Wang8722d9e2023-02-13 14:56:56 +000093/// Signs the `message` with the give `private_key` using `DiceSign`.
94pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Signature> {
95 let mut signature = [0u8; SIGNATURE_SIZE];
96 // SAFETY: The function writes to the `signature` within the given bounds, and only reads the
97 // message and the private key. The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +000098 check_result(
99 unsafe {
100 DiceSign(
101 ptr::null_mut(), // context
102 message.as_ptr(),
103 message.len(),
104 private_key.as_ptr(),
105 signature.as_mut_ptr(),
106 )
107 },
108 signature.len(),
109 )?;
Alice Wang8722d9e2023-02-13 14:56:56 +0000110 Ok(signature)
111}
112
113/// Verifies the `signature` of the `message` with the given `public_key` using `DiceVerify`.
114pub fn verify(message: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<()> {
115 // SAFETY: only reads the messages, signature and public key as constant values.
116 // The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +0000117 check_result(
118 unsafe {
119 DiceVerify(
120 ptr::null_mut(), // context
121 message.as_ptr(),
122 message.len(),
123 signature.as_ptr(),
124 public_key.as_ptr(),
125 )
126 },
127 0,
128 )
Alice Wang8722d9e2023-02-13 14:56:56 +0000129}
130
Alice Wang4d611772023-02-13 09:45:21 +0000131/// Generates an X.509 certificate from the given `subject_private_key_seed` and
132/// `input_values`, and signed by `authority_private_key_seed`.
133/// The subject private key seed is supplied here so the implementation can choose
134/// between asymmetric mechanisms, for example ECDSA vs Ed25519.
135/// Returns the actual size of the generated certificate.
136pub fn generate_certificate(
137 subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
138 authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
139 input_values: &InputValues,
140 certificate: &mut [u8],
141) -> Result<usize> {
142 let mut certificate_actual_size = 0;
143 // SAFETY: The function writes to the `certificate` within the given bounds, and only reads the
144 // input values and the key seeds. The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +0000145 check_result(
146 unsafe {
147 DiceGenerateCertificate(
148 ptr::null_mut(), // context
149 subject_private_key_seed.as_ptr(),
150 authority_private_key_seed.as_ptr(),
151 input_values.as_ptr(),
152 certificate.len(),
153 certificate.as_mut_ptr(),
154 &mut certificate_actual_size,
155 )
156 },
157 certificate_actual_size,
158 )?;
Alice Wang4d611772023-02-13 09:45:21 +0000159 Ok(certificate_actual_size)
160}